• Josh Abraham

    Group Policy Preferences (GPP) Pwned

    Posted on Sunday, September 13, 2015 by Josh Abraham

    Over the past few months I’ve had a chance to clean up some code that we’ve used internally for penetration testing for some time now. This code was built to demonstrate the weaknesses of using Group Policy Preferences (GPP) to store and distribute local or domain credentials. We have found that many organizations store local admin, domain service, and even Domain Admin account credentials using GPP. The module that I submitted to the Metasploit Github repo provides the ability to enumerate GPP credentials as a domain user with access to the SMB share on the DC. Extracted credentials will be stored in the Metasploit creds tables.

    read more »

  • Richard Penshorn

    Microsoft’s Local Administrator Password Solution (LAPS)

    Posted on Wednesday, May 06, 2015 by Richard Penshorn

    Hackers, incident responders, and penetration testers alike know that valid credential reuse is one of the most common real-world vulnerabilities in today’s networks. Valid credential reuse dominates as the top vulnerability in Verizon’s 2014/2015 Data Breach Investigations Reports Microsoft networks remain amongst the most vulnerable and exploited due to the way in which Active Directory is typically deployed: A base image is created with a standard local administrator password, which is duplicated on all workstations in the environment. When an attacker compromises any workstation, the local administrator password hash can be obtained and used to access every other workstation using the classic Active Directory exploit Pass-the-Hash (PtH). This methodology is described in detail in FireEye/Mandiant M-Trends 2015 case studies.

    read more »

  • Julian Dunning

    Statistics Will Crack Your Password

    Posted on Monday, April 13, 2015 by Julian Dunning

    When hackers or penetration testers compromise a system and want access to clear text passwords from a database dump, they must first crack the password hashes that are stored. Many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. This discussion will demonstrate some effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking.

    read more »

  • Paul Jauregui

    Navigating Today’s Shared Security Responsibility Model in the Cloud

    Posted on Tuesday, March 24, 2015 by Paul Jauregui

    How do you protect the confidentiality, integrity, and availability of systems and data in your organization's growing cloud environments? It starts by understanding your responsibility.

    Addressing security in a public cloud environment is slightly different than in your on-premises data centers. When you move systems and data to the cloud, security responsibilities become shared between your organization and the cloud service provider. Infrastructure as a Service (IaaS) providers, such as Amazon Web Services (AWS), are responsible for securing the underlying infrastructure that supports the cloud, and you are responsible for anything you put on the cloud or connect to the cloud.

    read more »

  • Andrew Chang-Gu

    NIST Cybersecurity Framework vs. NIST Special Publication 800-53

    Posted on Monday, March 02, 2015 by Andrew Chang-Gu

    With the recent high-profile attacks on Sony and Anthem, it's clear that cyber risks continue to grow and that organizations need to do more to strengthen their cybersecurity defenses. Security frameworks exist to guide the implementation and management of security controls, and they should be used by any organization looking to intelligently manage cyber risk. A security framework helps prevent a haphazard approach to information security, and reduces potential gaps in the organization’s security efforts.

    The ideal framework provides a complete guide to current information security best practices while leaving room for an organization to customize its implementation of controls to its unique needs and risk profile. Several existing and well-known cybersecurity frameworks include COBIT 5, ISO 27000, and NIST 800-53. Recently, a new framework has come into play: NIST’s “Framework for Improving Critical Infrastructure Cybersecurity.”

    read more »

  • Romulo Salazar

    Cloud Security Best Practices for Amazon Web Services (AWS)

    Posted on Thursday, October 02, 2014 by Romulo Salazar

    Over the last 18-months we have seen more and more of our clients turn to IaaS (Infrastructure-as-a-Service) providers to support their enterprise infrastructure needs. While there are obvious benefits to utilizing these types of services, such as reducing the complexity associated with managing an enterprise infrastructure, moving to the cloud can also introduce new security concerns. Most often these concerns arise as a result of misconfigured cloud instances.

    read more »

  • Paul Jauregui

    CRITICAL: Bash “Shellshock” Vulnerability

    Posted on Friday, September 26, 2014 by Paul Jauregui

    On September 24, 2014, a vulnerability in Bash—now referred to as the ‘Shellshock’ bug—was publicly announced after its discovery last week by Stephane Chazelas. Security experts expect the Shellshock bug to have significant and widespread impact, potentially more devastating than Heartbleed.

    read more »

  • Coleton Pierson

    Building the HashCat API in Ruby to Crack Passwords in the Cloud

    Posted on Tuesday, September 23, 2014 by Coleton Pierson

    Have you ever had an amazing idea for automating two or more pieces of technology and then realized one of them doesn't have an API? I came across this problem more than once during the development of a couple of projects here at Praetorian. In this post, I'll share some of the libraries and techniques I have used to build out APIs for CLI programs, such as HashCat and nmap. Hopefully, these techniques and libraries will be helpful to you when building out new web applications and frameworks.

    read more »

  • Kelby Ludwig

    Why You Should Add Joern to Your Source Code Audit Toolkit

    Posted on Tuesday, September 09, 2014 by Kelby Ludwig

    Joern is a static analysis tool for C / C++ code. It builds a graph that models syntax. The graphs are built out using Joern’s fuzzy parser. The fuzzy parser allows for Joern to parse code that is not necessarily in a working state (i.e., does not have to compile). Joern builds this graph with multiple useful properties that allow users to define meaningful traversals. These traversals can be used to identify potentially vulnerable code with a low false-positive rate.

    read more »

  • Anthony Marquez

    Using Developer Debugging Tools to Pentest Mobile Applications

    Posted on Thursday, August 28, 2014 by Anthony Marquez

    During a recent assessment, I was pentesting a hybrid mobile application that is a companion to a web application. The applications allow users to collaborate while creating new interactive digital content. Through the web interface, content creators are allowed to upload a wide range of files, including HTML files, and share the content with other individuals in their organization. Thus, any user with proper permissions is able to view and edit shared content.

    read more »

Your World, Secured.

Get Instant Email Alerts

Cutting-edge information security news and research delivered to your inbox.
Tech Puzzles

Try our Puzzles

Test your problem solving skills. Do you have what it takes?

Try puzzles »